isrstealer | 0b7669696883c3a853a6d06d3adafa79a2236baef0d448bffd1ac8574dcb64cc | Triage

Submit
Reports

Overview

overview

Static

static

0b76696968...cc.exe

windows7-x64

0b76696968...cc.exe

windows10-2004-x64

Sharing

General

Target

0b7669696883c3a853a6d06d3adafa79a2236baef0d448bffd1ac8574dcb64cc
Size

318KB
Sample

221127-qlgfqsag44
MD5

d71366f5eece0973d076ecb08e4894b4
SHA1

5192fea16a9f8244d2e6a4eaaf87655cecd1f13f
SHA256

0b7669696883c3a853a6d06d3adafa79a2236baef0d448bffd1ac8574dcb64cc
SHA512

3e00aaebe6d2c85c0ed0c4b1989bc3b2390c367aa4226758b5c8d3dee064e8003efacfdf10001752bb5578e2b431676e34eef80e8ad03edb3e3cdea2b56936dc
SSDEEP

6144:Ji3GW+lMXFj7cttK3JnSjTIJB6Jeht3h/dSYOY4IpQOvG8f1RRO:sl+c57c/KdWTIJ4JehttX7QOvHf

Score

10^/10

isrstealer collection stealer trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

0b7669696883c3a853a6d06d3adafa79a2236baef0d448bffd1ac8574dcb64cc.exe

Resource

win7-20221111-en

isrstealer collection stealer trojan upx

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

0b7669696883c3a853a6d06d3adafa79a2236baef0d448bffd1ac8574dcb64cc.exe

Resource

win10v2004-20220812-en

isrstealer collection stealer trojan upx

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  0b7669696883c3a853a6d06d3adafa79a2236baef0d448bffd1ac8574dcb64cc
- Size
  
  318KB
- MD5
  
  d71366f5eece0973d076ecb08e4894b4
- SHA1
  
  5192fea16a9f8244d2e6a4eaaf87655cecd1f13f
- SHA256
  
  0b7669696883c3a853a6d06d3adafa79a2236baef0d448bffd1ac8574dcb64cc
- SHA512
  
  3e00aaebe6d2c85c0ed0c4b1989bc3b2390c367aa4226758b5c8d3dee064e8003efacfdf10001752bb5578e2b431676e34eef80e8ad03edb3e3cdea2b56936dc
- SSDEEP
  
  6144:Ji3GW+lMXFj7cttK3JnSjTIJB6Jeht3h/dSYOY4IpQOvG8f1RRO:sl+c57c/KdWTIJ4JehttX7QOvHf
Score

10^/10

isrstealer collection stealer trojan upx
- ISR Stealer
  ISR Stealer is a modified version of Hackhound Stealer written in visual basic.
  trojan stealer isrstealer
- ISR Stealer payload
- NirSoft MailPassView
  Password recovery tool for various email clients
- Nirsoft
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Drops startup file
- Loads dropped DLL
- Accesses Microsoft Outlook accounts
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

isrstealercollectionstealertrojanupx

behavioral2

isrstealercollectionstealertrojanupx

© 2018-2025

Terms | Privacy